NSA Defends Itself After Privacy Breaches Revealed

The National Security Agency sought Friday to defend its operation of sensitive spy programs in the wake of revelations it had violated its own privacy rules on nearly 3,000 occasions.

The NSA's director of compliance,
John DeLong,
repeatedly said in a conference call with reporters that the 2,776 violations reflected no willful effort to violate Americans' privacy. "NSA has a zero-tolerance policy for willful misconduct," Mr. DeLong said. "None of the incidents that were in the document released were willful."

Mr. DeLong reported, however, "a couple" of willful violations in the past decade. He didn't provide details. "No one at NSA thinks a mistake is OK, but those kinds of reports are designed and generated to make sure we understand when mistakes occur," he said.

Mr. DeLong's comments were the NSA's most direct effort to date to counter mounting concern over its spy activities and their effect on Americans since former NSA contractor
Edward Snowden
began making classified documents public. The internal audit report on privacy violations was revealed by the Washington Post Thursday night.

That report analyzed the different types of violations of policy or law for the year ended March 2012. The bulk stemmed from issues where the NSA continued monitoring foreigners through their cellphone use after they crossed into the U.S.

"These incidents are largely unpreventable," the audit report said. The NSA said the surge in "roamer" incidents may be attributable to an increase in Chinese travel to visit friends in the U.S. for the Lunar New Year holiday.

The report also cited "significant incidents" of violations. One was a mishandling of telephone data housed in an NSA database, where the NSA found that more than 3,000 records had been retained past their five-year expiration date. Mr. DeLong said the call records were destroyed as soon as they were discovered and that they hadn't been accessible to analysts.

Another violation, according to the audit report, occurred when an individual remained under surveillance even after obtaining a green card, which would have required the NSA to obtain an individualized warrant to keep monitoring the person. Another violation was the improper granting of access to a sensitive database.

The Post reported a separate issue where phone data were collected on a "large number" of numbers in Washington, D.C., because the system was incorrectly set to the 202 area code instead of the 20 county code, which is Egypt.

Another document the Post made public offered a glimpse of a more serious constitutional violation by NSA, when it established a collection program for "Multiple Communications Transactions" that the Foreign Intelligence Surveillance Court deemed "deficient on statutory and constitutional grounds."

Mr. DeLong said he couldn't describe the scope of that violation but said it wasn't willful. The collection later resumed under new court-approved procedures, he said.

In its article, the Washington Post said the audit hadn't been made available to Congress. Mr. DeLong said NSA provided this type of data to lawmakers and agencies with oversight responsibilities, but he said this particular report was for internal use. The results, he said, were incorporated into other reports provided to Congress.

At the White House, spokesman
Josh Earnest
emphasized that the violations didn't reflect willful law breaking and the detailed report shows the NSA is aggressively monitoring itself.

Lawmakers on the intelligence committees that oversee the programs said more should be done to probe the programs, but added they weren't aware of intentional violations of the law. The Senate Intelligence Committee "has never identified an instance in which the NSA has intentionally abused its authority to conduct surveillance for inappropriate purposes," said its chairman, Sen. Dianne Feinstein (D., Calif.), in a written statement.

Her House counterpart,
Mike Rogers
(R., Mich.), said his committee takes seriously all errors but they are "unfortunately inevitable in any organization and especially in a highly technical and complicated system like NSA."

However, the top Democrat on the House Intelligence Committee, Rep. C.A. "Dutch" Ruppersberger (D., Md.), called the reports of privacy violations "incredibly troubling." Mr. Ruppersberger, whose district includes the NSA, said he has instructed his staff to investigate, but so far they haven't found any intentional violations.

Senate Judiciary Committee Chairman
Patrick Leahy
(D., Vt.) said he worried officials weren't telling a full story. "I remain concerned that we are still not getting straightforward answers from the NSA," he said, vowing to hold a further hearing on the matter.

Rep.
Adam Schiff
(D., Calif.) said the audit report shows a need for Congress to improve its oversight of intelligence programs. The intelligence committee, he said, "suffers from a tremendous mismatch of resources compared to the agencies," which makes it reliant on agencies to report their own mistakes.

Sens.
Ron Wyden
(D., Ore.) and
Mark Udall
(D., Colo.), who have criticized the NSA's surveillance programs, called the privacy violations "just the tip of a larger iceberg."

This copy is for your personal, non-commercial use only. Distribution and use of this material are governed by our Subscriber Agreement and by copyright law. For non-personal use or to order multiple copies, please contact Dow Jones Reprints at 1-800-843-0008 or visit www.djreprints.com.